Re-register an agent

[SitoRBJ]

Hello team,

When we register an agent and then deregister it, Ansible does not have the ability to re-register it due to the conditions of the registration tasks.

check_keys.stat.exists == false or check_keys.stat.size == 0

An option could be to consult the API of Wazuh if it has the agent in question and in case of not having it to enable an additional condition for the tasks of registry.

We can find related information and ideas on how to proceed on this mailing list:

https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/wazuh/4-UhadhubEI/z9CLjt0lAQAJ

Regards,

Alfonso

[jesuslinares]

Hi,

It is the expected behavior: the agent will be registered only the first time that Ansible runs.

We should research how to re-register an agent explicitly.

[coryrwagner]

This would help with an issue I see frequently, where agents get duplicate IDs from the manager during registration, so only one of them is truly registered and they all think they have been registered with the same ID.

[paulcalabro]

@coryrwagner Are the agents in front of a load balancer?

[shrivastavshubham34]

Running this play on a wide infrastructure, I thought something like this can help solve the problem:

- name: Wazuh | Check if client.keys exists
  stat: path=/var/ossec/etc/client.keys
  register: check_keys

But for wazuh agent v3.9.0, whenever you run this task over a machine with an already connected agent, a new agent with the same name pops-up. Is this issue still open?

[sergiogp98]

Hi,

Since Wazuh 4.0 version, there is a new feature called auto-enrollment which solves this issue. The agent and manager are continuously checking connectivity between them. In case you deregister an agent, after a few seconds the agent will lose the connection with the manager and after the agent will try to reconnect:

SG